Need-to-know, from yesterday.

According to Crunchbase, the foudner of FlexSpy spyware is Atir Raihan, from Wilmington, Delaware https://www.crunchbase.com/organization/flexispy/profiles_and_contacts

From June: "FlexiSpy is an unfunded company based in Victoria (Seychelles), founded in 2005 by Atir Raihan. It operates as a Monitoring app for mobile phones and PCs. FlexiSPY has not raised any funding yet."

FlexSpy company profile: https://tracxn.com/d/companies/flexispy/__RYUIoDOd66yFyuEa5E6PtDDSwHchxhFmQxp7dlvF6b8

iVerify had a post on FlexSpy late last year:

FlexiSPY - The Spyware Tool Crossing the Line Between Security and Crime https://iverify.io/blog/flexispy-the-spyware-tool-crossing-the-line-between-security-and-crime @iverify

The Record: Researchers find spyware on phones belonging to Kenyan filmmakers https://therecord.media/researchers-spyware-kenya-filmmaker-phone

Atlantic Council: Mythical Beasts: Diving into the depths of the global spyware market https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/mythical-beasts-diving-into-the-depths-of-the-global-spyware-market/ @AtlanticCouncil

"The U.S. is the largest investor in the spyware market."

The Record: Report: US investors in spyware firms nearly tripled in 2024 https://therecord.media/us-investors-in-spyware-tripled-in-2024 https://therecord.media/us-investors-in-spyware-tripled-in-2024 #cybersecurity #spyware #infosec #Android #iOS

This dumb password rule is from Sprint.

Sprint "upgraded" their security and disallow special characters.

https://dumbpasswordrules.com/sites/sprint/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

VPNs protect families, businesses and democracy.

They keep NHS data secure, help parents manage online risks, and give people in repressive states access to news.

Treating VPNs as a “problem” is misguided. Attacking them is an exercise in throwing the baby out with the bath water.

Efforts should focus on educational measures for young people and regulating the age verification industry.

#OnlineSafetyAct #onlinesafety #OSA #VPN #VPNs #privacy #cybersecurity #freespeech #ukpolitics #ukpol

VPNs aren’t a meaningful threat to age assurance.

⚫ 6–12 year olds are very unlikely to use them, due to technological and economic barriers.

⚫ Older teens already know other workarounds. For these teenagers educational rather than ineffectve technical interventions might be more appropriate.

⚫ Adults use VPNs as they don’t trust unregulated age assurance providers with their personal data.

#OnlineSafetyAct #onlinesafety #OSA #VPN #VPNs #privacy #cybersecurity #freespeech #ukpolitics #ukpol

VPNs must not face the chop 🚫

Next week the UK House of Lords will debate whether VPNs undermine the Online Safety Act.

Banning or blocking VPNs will shatter security, privacy and free expression in a self-defeating attempt to make the unworkable workable.

Read our briefing ⬇️

https://www.openrightsgroup.org/publications/briefing-vpns-and-the-online-safety-act/

#OnlineSafetyAct #onlinesafety #OSA #VPN #VPNs #privacy #cybersecurity #freespeech #ukpolitics #ukpol #ageverification

This dumb password rule is from Southwest.

Password must be between 8 and 16 characters in length and include at least one uppercase letter
and one number. Certain special characters are also allowed, but the first character of the password must be alphanumeric.

https://dumbpasswordrules.com/sites/southwest/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Hey, all those worries privacy advocates have had about Stingray (fake cell phone data collection devices) being abused? GUESS WHAT.

Forbes: How ICE Is Using Fake Cell Towers To Spy On People’s Phones

https://www.forbes.com/sites/the-wiretap/2025/09/09/how-ice-is-using-fake-cell-towers-to-spy-on-peoples-phones/

#privacy #cybersecurity #stingray #fascism #ice #bigbrother

This dumb password rule is from Safeway.

Passwords limited to 8-12 characters.

https://dumbpasswordrules.com/sites/safeway/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Intel.

https://dumbpasswordrules.com/sites/intel/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Inria.

This is the account for those who work at [Inria](https://www.inria.fr/)
"the French national research institute for
the digital sciences".

You have to wonder what's wrong with these special characters but not
the other ones.
- Password expiration once a year
- Your password must contain at leas...

https://dumbpasswordrules.com/sites/inria/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Twilio.

Restriction in inclusion of characters such as 'Twilio' in password. Password must be 16 or more characters & Can't include 3 or more consecutive repeated characters.

https://dumbpasswordrules.com/sites/twilio/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Looks like #Plex got hacked. Emails, usernames, and hashed passwords were accessed. Sounds like they’re worried about active session tokens having been accessed too

Change your account password, then sign out all devices by visiting https://plex.tv/security

If you don’t already have MFA enabled, do so ASAP!

https://forums.plex.tv/t/important-notice-of-security-incident/930523

https://www.reddit.com/r/PleX/comments/1nc04kh/oh_boy/

#Homelab #Selfhosted #DataBreach #Selfhosting #Cybersecurity

This dumb password rule is from IRS.

Password rules:
- Between 8 and 32 characters long
- Must contain at least one numeric and one special character (!@#$%&*)
- At least one uppercase and at least one lowercase letter

https://dumbpasswordrules.com/sites/irs/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

The #SSL certificate for the links redirect URL ( https://links.ssa.gov/ ) in emails from #SocialSecurity is expired.

Even if they are using a different link url now, they need to keep the old one secure. This is from an email not that long ago.

This particular email link redirects you to the Social Security my SSA login in page which then has buttons to take you to Login.gov or ID.me.

#InfoSec #SSL #CyberSecurity

Alt...

Your connection isn't private Attackers might be trying to steal your information from links.ssa.gov (for example, passwords, messages, or credit cards). Learn more about this warning NETLERR CERT DATE INVALID Subject: links ssa gov Issuer: GoGetSSL RSA DV CA Expires on: July 16,2025 Current date: Sep 7, 2025 PEM encoded chain:

Alt...

® Social Security Sign In or Create an Account By signing in or creating an account, you agree to the Privacy Act Statement and If you already have a IEeiR NR ABRLE account, do not create a new one. You c Security services. sign in with ID.me © The Social Security usemame sign-in option is no longer available. Please us [Z Create an account with Login.gov [2 Create an account with ID.me © Sign in Help and Support External Site Disclaimer OMB No. 0960-0789 Privacy Policy Accessibility Help

This dumb password rule is from Replit.

Forces to use minimum 8 characters in the password and it must contain at least one uppercase.

https://dumbpasswordrules.com/sites/replit/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Entwickler.de.

Your password must be 12-20 characters.

https://dumbpasswordrules.com/sites/entwickler-de/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Burger King hacked, systems described as 'solid as a paper Whopper wrapper in the rain’ – hackers 'impressed by the commitment to terrible security practices,' also exploited other RBI brands like Tim Hortons and Popeyes:

"Ethical hackers BobDaHacker and BobTheShoplifter have detailed their claim that they uncovered “catastrophic” vulnerabilities in multiple platforms hosted by Restaurant Brands International (RBI). While RBI may not be a very familiar name, this lax security means that systems powering mega brands like Burger King, Tim Hortons, and Popeyes, with over 30,000 locations worldwide, and all were almost trivially easy to hack. “Their security was about as solid as a paper Whopper wrapper in the rain,” snarks the BobDaHacker blog, sharing the full technical exposé (the blog has since been taken down, but it's archived here)."

https://www.tomshardware.com/tech-industry/cyber-security/burger-king-hacked-digital-platform-as-solid-as-a-paper-whopper-wrapper-in-the-rain-easy-security-bypass-exploited-catastrophic-vulnerabilities-also-worked-on-other-rbi-brands-like-tim-hortons-and-popeyes

#infosec #cybersecurity

This dumb password rule is from Charles Sturt University.

Prevents spaces and a set list of characters, limits to 30 characters and can only change your password twice per day.

https://dumbpasswordrules.com/sites/charles-sturt-university/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Apple.

Can't contain 3 or more consecutive identical characters, nor can it be more than 32 characters long.

https://dumbpasswordrules.com/sites/apple/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from NetworkRail Open Data Feeds.

Does require special characters but limits password length to 20.

https://dumbpasswordrules.com/sites/networkrail-open-data-feeds/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Cigna.

A max of 12 characters... Can't handle most symbols (only 5 supported). At least they have two factor auth via email or sms **sigh**

https://dumbpasswordrules.com/sites/cigna/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This is the only thing really worth saving, and possibly worth reading, that I ever posted to Twitter. #infosec #cybersecurity

Alt...

Recognize the early stages of infosec: "I just read the top 100 passwords’ and they're super weak!’” "I turned on external logging and there's al these brute force attempts!” “People still use Java!" ~ “SHODAN!" Recognize the secondary stages of infosec: "I stayed up for 30 hours straight an it was awesome!” “Is antivirus actually useless?” “I'm gonna be the best purple teamer!” “But they promised they'd reimage last year!” “Damn, | gotta learn Python..” “But wasn't it China?” Recogrize the tertiary stages of infosec: “NEVER MIND, they do need antivirus.* “So, attribution is hard...” “Paexec, again?!l” “Stolen creds, again?l” “How is my hard drive full of VM snapshots?” “I went to a con but | just talked to people...” "Do I drink too much?” Recognize the quaternary stages of infosec: “You know, forget the pen test, let’s just build an asset inventory and network map.” “I secretly want to skip this con, but I'm speaking about beer.” “I am genuinely considering opening a bar in a few years” “I probably drink too much.”

This dumb password rule is from Electronic Arts (EA).

Your password must be 8 - 16 characters, and include at least one lowercase letter, one uppercase letter, and a number.

https://dumbpasswordrules.com/sites/electronic-arts-ea/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

My Raider Raccoon fit for the DCNextGen party 🥳 🦝
I'll take any excuse to wear a onesie 🤭

@defcon @defconnextgen

#defcon #cybersecurity #raccoon

This dumb password rule is from Runescape.

A minimum password length of 5, and maximum password length of 20.

Does not tell you that your password is NOT case sensitive.

Hidden requirements: Alphanumeric only, no symbols, no repeated characters.

https://dumbpasswordrules.com/sites/runescape/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from WellStar MyChart.

Your password must be between 8 and 20 characters.

https://dumbpasswordrules.com/sites/wellstar-mychart/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Global Entry.

"Our duties are wide-ranging, and our goal is clear - keeping America
safe."

https://dumbpasswordrules.com/sites/global-entry/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Coventry Building Society.

Password has to be between 6 and 10 characters, can't contain any punctuation and you have to give characters from it on the phone to confirm identity.

https://dumbpasswordrules.com/sites/coventry-building-society/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from MTS Serbia.

MTS is a national mobile and internet provider in Serbia and they have bad password rules.
Translation: The password must have more than 6 character, less than 17 characters and one
of the following combinations: upper case or lower case letter and a number, upper case or
lower case letter and a ...

https://dumbpasswordrules.com/sites/mts-serbia/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Moose Mobile.

Moose mobile is an Australian mobile service provider that imposes poor password requirements.
"The password must be of minimum 4 and maximum 15 characters. The Confirm Password field may only contain alpha-numeric characters."

https://dumbpasswordrules.com/sites/moose-mobile/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from IRS.

Password rules:
- Between 8 and 32 characters long
- Must contain at least one numeric and one special character (!@#$%&*)
- At least one uppercase and at least one lowercase letter

https://dumbpasswordrules.com/sites/irs/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Global Entry.

"Our duties are wide-ranging, and our goal is clear - keeping America
safe."

https://dumbpasswordrules.com/sites/global-entry/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Blue Cross Blue Shield Massachusetts.

16 maximum and no special characters. Protecting your US healthcare
information.

https://dumbpasswordrules.com/sites/blue-cross-blue-shield-massachusetts/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

🆕 blog! “Some minor bugs in Proton's new Authenticator app”

I maintain a a test-suite for TOTP codes. It contains a bunch of codes which adhere to the specification, some of which stretch it to breaking point, and some that are completely invalid. These codes are a good starting point for checking whether a 2FA / MFA app works correctly.

Proton …

👀 Read more: https://shkspr.mobi/blog/2025/08/some-minor-bugs-in-protons-new-authenticator-app/
⸻
#2fa #CyberSecurity #MFA #Proton #totp

This dumb password rule is from Vietnam Airlines.

`[[:alnum:]]{6,8}`

https://dumbpasswordrules.com/sites/vietnam-airlines/

#password #passwords #infosec #cybersecurity #dumbpasswordrules